Explanation

The DMZ is a logically and physically separated Ethernet connection from both the internal secure (usually the trusted Intranet) and the external insecure (usually the untrusted Internet) networks provided by a Firewall via a so called three-legged firewall setup (a so called screened-subnet firewall setup is also available using two separate Firewalls).

The DMZ aids the connection of e-Mail Servers, WEB Servers and FTP Servers or WLAN Access Points on a semi-secure network segment under the following general conditions:

Specification of a separate IP addressing subnet

Separate physical LAN Ethernet port (or ports), protected by the system Firewall that can acts like a Proxy Server as well

For anyone on the external insecure network who wants to illegally connect to the internal trusted network, the DMZ is a dead end.